OpenVPN prior to domain login with deployment options



  • Hello Folks,

    I'm attempting to set up OpenVPN Service to do automated VPN connection prior to domain login (MS AD, for GPO deployment on remote users). I've managed to get this working smoothly (Remote Access TLS/SSL), however deployment and user configuration is a nightmare for 60+ users. I basically have to create a user in PFSense for each user in our 'VPN Users' group on the MS AD so there would be a certificate created.

    Is there a way to do this without having to use the PFSense user certificates? I'd like to find a way to update the current user configs to use the new certificate based authentication without having to manually create 60+ users in pfsense, then have to manually deploy onto each computer remotely. I believe there's a way to

    Alternatively, is there a way to do computer based authentication instead of user/password or certificate? MS AD already has the computer objects, but I haven't found a way to get it to work with either LDAP or RADIUS as the client keeps erroring asking for either a password, or authentication method missing.

    Thanks in advance!


Log in to reply